Understanding Linux kernel vulnerabilities

被引:4
作者
Shameli-Sendi, Alireza [1 ]
机构
[1] Shahid Beheshti Univ SBU, Fac Comp Sci & Engn, Tehran, Iran
来源
JOURNAL OF COMPUTER VIROLOGY AND HACKING TECHNIQUES | 2021年 / 17卷 / 04期
关键词
Software security; Linux kernel vulnerability; Vulnerability taxonomies; TAXONOMY;
D O I
10.1007/s11416-021-00379-x
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Protecting the Linux kernel from malicious activities is of paramount importance. Several approaches have been proposed to analyze kernel-level vulnerabilities. Existing studies, however, have a strong focus on the attack type (e.g., buffer overflow). In this paper, we report on our analysis of 1,858 Linux kernel vulnerabilities covering a period of Jan 2010-Jan 2020. We classify these vulnerabilities from the attacker's view using various criteria such as the attacker's objective, the targeted subsystems of the kernel, the location from which vulnerabilities can be exploited (i.e., locally or remotely), the impact of the attack on confidentiality, system integrity and availability, and the complexity level associated with exploiting vulnerabilities. Our findings indicate the presence of a large number of low-complexity vulnerabilities. Most of them can be exploited from the local system, leading to attacks that can severely compromise the kernel quality of service, and allow attackers to gain privileged access
引用
收藏
页码:265 / 278
页数:14
相关论文
共 50 条
  • [41] A software security assessment system based on analysis of vulnerabilities
    Sui, Chenmeng
    Liu, Yanzhao
    Liu, Yun
    [J]. Journal of Convergence Information Technology, 2012, 7 (06) : 211 - 219
  • [42] Security vulnerabilities in healthcare: an analysis of medical devices and software
    Carlos M. Mejía-Granda
    José L. Fernández-Alemán
    Juan M. Carrillo-de-Gea
    José A. García-Berná
    [J]. Medical & Biological Engineering & Computing, 2024, 62 : 257 - 273
  • [43] Security vulnerabilities in healthcare: an analysis of medical devices and software
    Mejia-Granda, Carlos M.
    Fernandez-Aleman, Jose L.
    Carrillo-de-Gea, Juan M.
    Garcia-Berna, Jose A.
    [J]. MEDICAL & BIOLOGICAL ENGINEERING & COMPUTING, 2024, 62 (01) : 257 - 273
  • [44] Effect of Coding Styles in Detection of Web Application Vulnerabilities
    Medeiros, Iberia
    Neves, Nuno
    [J]. 2020 16TH EUROPEAN DEPENDABLE COMPUTING CONFERENCE (EDCC 2020), 2020, : 111 - 118
  • [45] Examining the Relationship of Code and Architectural Smells with Software Vulnerabilities
    Sultana, Kazi Zakia
    Codabux, Zadia
    Williams, Byron
    [J]. 2020 27TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE (APSEC 2020), 2020, : 31 - 40
  • [46] Virtualization vulnerabilities, security issues, and solutions: a critical study and comparison
    Tank D.
    Aggarwal A.
    Chaubey N.
    [J]. International Journal of Information Technology, 2022, 14 (2) : 847 - 862
  • [47] Review on Cyber Vulnerabilities of Communication Protocols in Industrial Control Systems
    Xu, Yikai
    Yang, Yi
    Li, Tianran
    Ju, Jiaqi
    Wang, Qi
    [J]. 2017 IEEE CONFERENCE ON ENERGY INTERNET AND ENERGY SYSTEM INTEGRATION (EI2), 2017,
  • [48] False Positive Analysis of software vulnerabilities using Machine learning
    Gowda, Sumanth
    Prajapati, Divyesh
    Singh, Ranjit
    Gadre, Swanand S.
    [J]. 2018 SEVENTH IEEE INTERNATIONAL CONFERENCE ON CLOUD COMPUTING IN EMERGING MARKETS (CCEM), 2018, : 3 - 6
  • [49] Peer Code Review to Prevent Security Vulnerabilities: An Empirical Evaluation
    Bosu, Amiangshu
    Carver, Jeffrey C.
    [J]. 2013 IEEE 7TH INTERNATIONAL CONFERENCE ON SOFTWARE SECURITY AND RELIABILITY - COMPANION (SERE-C), 2013, : 230 - 231
  • [50] LoRaWAN Security: An Evolvable Survey on Vulnerabilities, Attacks and their Systematic Mitigation
    Hessel, Frank
    Almon, Lars
    Hollick, Matthias
    [J]. ACM TRANSACTIONS ON SENSOR NETWORKS, 2022, 18 (04)
12345